And here, basically, was the response from anybody who’s ever heard of Cambridge Analytica: Hysterical laughter with a bit of “Oh, hell NO. We should trust Facebook with our financial data why!?”

And here, in essence, was Facebook’s response, as it tried once again to convince everybody that it knows how to spell the word “privacy”: No, we aren’t asking for financial data! We just want to insert ourselves between you and your bank and keep you from waiting on the phone so long. Because bots! Chatbots! In Messenger!

Facebook has, in fact, approached big banks, including Wells Fargo, JPMorgan Chase, Citigroup and US Bancorp, with an eye toward partnering. According to the WSJ, this is how it envisions this swap: the banks will give Facebook its users’ banking data, and the platform would give bank customers the ability to conduct business within Facebook itself – specifically, within Messenger.

People familiar with the discussions in the talks told the newspaper that one feature Facebook has talked about would show its users their checking-account balances. It’s also pitching fraud alerts, some insiders have said. The WSJ also reports that the banks have been hit up by Google and Amazon on the data-sharing front: they reportedly want to provide basic banking services on applications such as Google Assistant and Alexa.

A spokesperson for Facebook told The Next Web that no, Facebook hasn’t asked banks for users’ transaction data. Rather, this is all about getting banking chatbots into Messenger to chat us up.

Facebook’s statement:

Like many online companies with commerce businesses, we partner with banks and credit card companies to offer services like customer chat or account management. The idea is that messaging with a bank can be better than waiting on hold over the phone – and it’s completely opt-in. We’re not using this information beyond enabling these types of experiences – not for advertising or anything else.

Unfortunately for Facebook’s bot plans, users are still steaming over the Cambridge Analytica revelations, and banks have caught the user data heebie-jeebies.

After all, it’s been a scarce six months since news emerged about Facebook losing control of 50m users’ data – data that wound up getting sucked up by a developer and sold to the data analytics firm so it could flesh out a tool to sell to Steve Bannon.

That tool was designed to use Facebook users’ personalities and other data so as to target Americans’ inner demons and influence their behavior in the 2016 US presidential election. Cambridge Analytica founder Christopher Wylie described it as “Steve Bannon’s psychological warfare mindf**k tool.”

The data crisis might have been sparked by Cambridge Analytica, but it’s spread well beyond it to reveal that Facebook’s been sloppy with plenty more companies that have been lapping up its user data. There was CubeYou, yet another firm that dressed up its personal-data snarfing as “nonprofit academic research,” in the form of personality quizzes, and then handed over the data to marketers, a la Cambridge Analytica. Facebook suspended CubeYou in April.

Then, in June, Facebook suspended AggregateIQ, an analytics firm, for collecting and storing data on thousands of Facebook users. The company is reportedly tied to Cambridge Analytica and allegedly left CA’s code lying around, open for all to access.

All of this user data bungling has led to multiple grillings by Congress (here’s Day One, with CEO Mark Zuckerberg’s questioning by the US House of Representatives, and here’s Day Two, when he was questioned by the Senate) …plus, in March, the Federal Trade Commission (FTC) launched an investigation into Facebook and how Cambridge Analytica used Facebook user data.

At this point, to put it lightly, many won’t be soothed by Facebook’s assurance that it’s not out to strip our financial data from banks and do lord knows what new marketing/data crunching/fumbling with it.

Meanwhile, the banks that Facebook’s cozying up to are reportedly keeping it at arm’s distance, citing concerns about data privacy. People familiar with the talks say that it’s a sticking point, the WSJ reports, and a spokesperson for Wells Fargo told NY Daily News that it’s just not going there:

Maintaining the privacy of customer data is of paramount importance to Wells Fargo. We are not actively engaged in data-sharing conversations with Facebook.

…while Trish Wexler, a spokeswoman for JPMorgan Chase, told the Daily News and WSJ that the bank isn’t sharing such “off-platform” transaction data with Facebook, and it’s had to “walk away from some opportunities as a result.”

Another bank recoiled on Monday: the multibillion-dollar Italian banking conglomerate UniCredit last week said it stopped advertising on Facebook, given that “it’s not acting in an ethical way.”

So that’s what the banks are saying …Publicly, at any rate. All this talk about customers’ privacy might be just a teensy bit coy, though.

At least one of us here at Naked Security is taking Facebook at its word on this one. Mark Stockley says that he’s come away from having written thought leadership pieces for a banking software company well-assured that banks are…

SUPER EXCITED about banking over chat bots, for good reason. The customers that banks really want are spending their time buried in WhatsApp and Facebook Messenger, and the banks are trying to figure out how to be accessible on those platforms. It’s a rerun of what they did with telephone banking, online banking and then mobile banking.

You can see the push, coming as it is from the financial whipper snappers who own the next generation of mobile banking. As “finance and tech guy” Segun Adeyemi wrote in a Medium article last November, money conversations are happening on social media, but the transactions skip out and happen somewhere else: on Venmo, for example.

PwC has been surveying consumers about their banking habits for several years. In this year’s survey, its No. 1 “big theme” was blunt and very Messenger-friendly: “Think mobile-first, or else.”

The banks obviously believe that they’ve got to get mobile or get out. Given the financial landscape, it’s hard to imagine they’re not excited to be talking to Facebook about how they can inject themselves into the mobile world, regardless of what they say about users’ financial data privacy.

Whatever happens in the push to get banking mobile, let’s just hope that the banks, and Facebook, actually mean what they say about the importance of privacy. The last thing we need, or that Facebook needs, is a Cambridge Analytica-style pratfall with our banking data.

Post navigation

About the author

Lisa has been writing about technology, careers, science and health since 1995. She rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash and joined the freelancer economy. Alongside Naked Security Lisa has written for CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output.

The chatbot is not the end in itself, it is simply the appropriate interface for the platforms the banks want to be on, which are the platforms young people are on: WhatsApp, Facebook Messenger et al. Chatbots are to message apps what apps are to mobile phones and websites are to the web.

So a chatbot on Telegram might be a better chatbot, but it’s an answer to the wrong question.

No Way! That is a recipe for total disaster. It would open the door to every form of theft and fraud imaginable. Why would anyone want to share their bank transactions, statements, etc with everyone else?

No I wouldn’t like it, I really like how my bank operates and they text me with any changes that come up so there isn’t really any area for improvement. I do use Fb and Messenger but only to see whats occurring locally and to buy cheap crapstuff on Marketplace.

Facebook will do anything to get its hooks deeper in to its user base so they don’t all leave. Banks will do anything to maximise profits, so I would never rule out their participation. They’ll both talk about privacy so everyone can feel reassured that they’ve talked about privacy. I understand the arguments on both sides but still just threw up in my mouth a little.

Lots of people are saying no because they don’t trust Facebook, I would also say no because I don’t want to trust my bank more than I have to.

Banks are all interconnected with each other and other financial institutions such as insurance companies and pension providers. I would not want my bank to be able to link my account with them to my Facebook feed, and decide to raise my insurance premiums because they saw photos of a party where alcohol was available.

Hell no Facebook don’t need nobody’s bank account or Bank anything about their Banks cuz that’s none of their business and I don’t think it’s right for them to have it or anybody else that is are personal rights not theirs so if they let Facebook takeover yes I will cancel Facebook and I got all my friends will too that’s what’s wrong with these people that trying to take over everybody’s business they should stay out of it

it’ll probably happen though. If not soon then over the next year or so. And if not on Facebook then on another app.
There is a growing younger generation of smartphone obsessed people who want to do everything through their phones some of who will be more than happy to place convenience over security.
Please let me be wrong.
Please let the younger generations be as smart as I think they are.

If it’s illegal for bank statements to be opened and read, stalking people is illegal, and people are innocent until proven guilty, then why do we tolerate this behaviour with the internet?

If Facebook was a person then you would arrive home to find them rummaging through your personal belongings, while Google was busy categorizing them and some government agency would be performing a house search without a warrant. These companies and organisations need legislating and privacy needs to be defined clearer:

1) You and only you have access to information
2) Financial and medical organisations have access
3) You and your immediate family have access
4) You, your family and friends have access
5) You, your family, your friends and work colleagues have access
6) General public have access with the right to delete any time
7) General public have access without the right to delete

I’m sure these categories could be further refined and as far as I’m concerned the only information they should be able to access without your permission should be anything you publicly disclose. Isn’t it about time that we had a democratic discussion about how we should or should not allow these companies to operate rather than having them dictate their terms? Have we forgotten that we democratically vote for MP’s to represent us who debate and pass laws that these companies and organisations must adhere to? Violating these fundamental privacy rights will only lead to further abuses of manipulation and corruption – democracy without privacy is a dictatorship.